ralph-tdd

SUSPICIOUS: the skill’s core purpose is coherent, but it intentionally grants an AI agent broad AFK autonomy to read backlog content, execute shell commands, modify code, update trackers, and commit changes. The biggest risks are autonomous real-world actions, transitive skill installation, and prompt-injection exposure from external task sources rather than overt malware or credential theft.